notion-research-documentation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructs the user to register an external Model Context Protocol (MCP) server from
https://mcp.notion.com/mcp. While this appears to be an official domain, it is not on the predefined trusted source list. - DATA_EXFILTRATION (LOW): The skill performs network operations via the Notion MCP to search and fetch data. The domain
mcp.notion.comis not on the exfiltration whitelist, though its use is consistent with the skill's primary purpose. - Indirect Prompt Injection (LOW): The skill has a data ingestion surface (Category 8) as it fetches untrusted content from Notion pages to generate reports.
- Ingestion points: Content is retrieved using
Notion:notion-fetchin theGather sourcesworkflow. - Boundary markers: The skill uses markdown templates (e.g.,
reference/research-summary-template.md) but lacks explicit instructions for the model to ignore embedded commands within the fetched data. - Capability inventory: The skill can create and update pages (
Notion:notion-create-pages,Notion:notion-update-page), which could be used to propagate malicious content. - Sanitization: There is no evidence of sanitization or filtering for the data retrieved from Notion.
Audit Metadata